from the that's-the-way-to-do-it dept

Earlier this year, Techdirt reported on details that have emerged about how GCHQ and the NSA tap underwater cables carrying large quantities of the world's Internet traffic. Now, in a long and detailed post from Matthijs R. Koot, we learn that the Dutch government is planning to give similar powers to its own intelligence and security services. Dutch intelligence services can already carry out bulk collection of wireless communications, provided those have at least a foreign source or foreign destination -- that is, domestic bulk intercept is not permitted. A committee reviewed the law governing interception, and recommended that it should become "technology-neutral" so as to allow bulk collection of cable signals too. Most of Koot's post is taken up with a translation of the Dutch government's response to that recommendation. The new framework for interception consists of three phases:

In the first phase -- collection -- goal-oriented relevant data are intercepted and made accessible (for instance by decryption), after advance approval from the Minister based on an investigation goal defined as accurately as possible. Preparatory technical activities aimed at goal-oriented collection of data and making the data accessible, can be part of this phase. Individuals or organizations are not yet being investigated in this phase, meaning that the infringement on privacy is limited. The second phase -- preprocessing -- is aimed at optimizing, in broad sense, the interception process, in the context of ongoing, approved investigatory assignments using the collected data. As this optimization can require metadata analysis or briefly taking a look at the contents of telecommunication, the infringement on privacy is greater than in the first phase. In the third phase -- processing -- selection of relevant telecommunications takes place, and selected data are used to gain insight into the intentions, capabilities and behavior of individuals and organizations that are subject of investigation. In this phase, target-oriented investigation takes place, in which the contents of telecommunications and metadata are analyzed to identify individuals or organizations, and to recognize patterns.

An increasing insight into the personal life is thus obtained from phase to phase. The safeguards that will be laid down in legislation, must be stronger as the infringement on privacy is greater.

The response then goes on to spell out those safeguards, as well as describing other key areas, such as co-operation with network providers and data exchange with foreign security services. All-in-all, the document demonstrates nicely how a government can be transparent about the way that it is approaching bulk interception, but without jeopardizing any aspect of its operations. It's a pity other governments are unable to do the same.

from the it-all-comes-out-eventually dept

Apparently, the UK government worked very hard to get the Guardian and others not to publish certain details about how GCHQ (and NSA) tap certain underwater cables that connect the internet around the globe, as it turns out that they get lots of help from BT and Vodafone Cable (via its purchase of Cable & Wireless). Those two companies apparently get paid handsomely for helping the government tap into these undersea cables. The Register decided it doesn't quite care how much the UK government doesn't want this stuff published, and went ahead and did so anyway:

British national telco BT, referred to within GCHQ and the American NSA under the ultra-classified codename “REMEDY”, and Vodafone Cable (which owns the former Cable & Wireless company, aka “GERONTIC”) are the two top earners of secret GCHQ payments running into tens of millions of pounds annually.

The actual locations of such codenamed “access points” into the worldwide cable backbone are classified 3 levels above Top Secret and labelled “Strap 3”. The true identities of the companies hidden behind codenames such as “REMEDY”, “GERONTIC”, “STREETCAR” or “PINNAGE” are classified one level below this, at “Strap 2”.

After these details were withheld, the government opted not to move against the Guardian newspaper last year for publishing above-top-secret information at the lower level designated “Strap 1”. This included details of the billion-pound interception storage system, Project TEMPORA, which were revealed in 2013 and which have triggered Parliamentary enquiries in Britain and Europe, and cases at the European Court of Human Rights. The Guardian was forced to destroy hard drives of leaked information to prevent political embarrassment over extensive commercial arrangements with these and other telecommunications companies who have secretly agreed to tap their own and their customers’ or partners’ overseas cables for the intelligence agency GCHQ. Intelligence chiefs also wished to conceal the identities of countries helping GCHQ and its US partner the NSA by sharing information or providing facilities.

There are also some details about how the UK government authorized the tapping in secret (of course), and suggests that the powers are exceptionally broad (because, of course they are):

Although GCHQ interception of overseas communications can be authorised by a general “external” tapping warrant, the wording of the law does not permit storage of every communication for examination, as GCHQ wished to do. In 2009, the spooks persuaded then Foreign Secretary David Miliband to sign a new warrant legalising what they wished to do. The terms of such warrants have never been published.

The special “external” warrants, issued under the Regulation of Investigatory Powers Act (RIPA), authorise the interception of all communications on specified international links. Miliband’s first 2009 warrant for TEMPORA authorised GCHQ to collect information about the “political intentions of foreign powers”, terrorism, proliferation, mercenaries and private military companies, and serious financial fraud.

Certificates attached to external interception warrants are re-issued every six months, and can be changed by ministers at will. GCHQ officials are then free to target anyone who is overseas or communicating from overseas without further checks or controls, if they think they fall within the terms of a current certificate.

The article also details how a special team at BT will help GCHQ figure out how to tap cables without others knowing about them:

The GCHQ-contracted companies also install optical fibre taps or “probes” into equipment belonging to other companies without their knowledge or consent.... Snowden’s leaks reveal that every time GCHQ wanted to tap a new international optical fibre cable, engineers from “REMEDY” (BT) would usually be called in to plan where the taps or “probe” would physically be connected to incoming optical fibre cables, and to agree how much BT should be paid.

Considering that The Register claims that not publishing this information is what kept the UK government from taking The Guardian to court, it will be interesting to see how they react to The Reg's decision to publish. The article also has a lot more details about the GCHQ using a top secret base in Oman to capture all of this undersea cable traffic as well, which I would imagine is a big part of what the government had hoped to keep secret. The stuff about the big telco and cable companies helping tap undersea fiber cables (and getting paid for it) doesn't seem particularly surprising at all. It's been known for years that AT&T has done that for the US government, so it's not clear why anyone felt the need to keep the equivalent so secret in the UK.

Either way, it seems like all of these efforts to keep certain aspects of these stories secret eventually fail. And the "top secret" stuff gets revealed one way or another eventually anyway. That doesn't mean that indiscriminate disclosure necessarily makes sense (though some of you will likely disagree), but it should make people realize that there needs to be very good reasons for keeping certain information secret, or it will almost certainly be disclosed eventually.

from the seems-a-bit-extreme dept

There's not much in the way of detail, and our UK readers have pointed out in the past that The Times Online is hardly the most reputable of newspapers in the UK, but it's reporting that the UK government is considering spending £12 billion on a system to spy on the internet browsing histories, emails and phone calls of everyone in the UK. That seems almost too ridiculous to be true, so consider us to be skeptical that this is actually what's happening -- but we'll mention it here with the link back to the source to see if some of our readers can fill us in on the details (or lack of details, as the case may be).

from the drawing-more-attention... dept

Apparently a whistleblower recently leaked some evidence that German authorities were using a special trojan horse software to tap Skype audio conversations. The document detailing this was leaked to the German Pirate Party, one of many international "Pirate Parties" that have been formed in recent years to push for more reasonable government policies on a variety of fronts from intellectual property to privacy and government surveillance. Illegally tapping Skype conversations may be illegal, but it seems that German authorities are a lot more interested in tracking down who leaked the documents and have raided the homes of various German Pirate Party members, confiscating computer equipment. Of course, if anything, this would seem to confirm that the government was at least experimenting with, if not actively using, such a trojan horse wiretapping program -- and the raids have only served to generate much more attention over that fact.